General
-
Target
ebd45bb1a1f3c24ca2c7c4d9c30efe71eea9b8246a750bd5722043703013af99.exe
-
Size
1.7MB
-
Sample
241124-ddyc3awrbp
-
MD5
c39eb549a7dc6f9f6eeababcaea602dc
-
SHA1
33c34ab34eb843e347694db102e68ae0b59d9c29
-
SHA256
ebd45bb1a1f3c24ca2c7c4d9c30efe71eea9b8246a750bd5722043703013af99
-
SHA512
8702781d879c22ef45362e0e539015670c3365724b519881ee6a7e10b241540080c196ddd52003b8395c338dbf8448485703b076e43c17e8466e41f41dc40ee4
-
SSDEEP
49152:6EAbSm7HDq7+ygwH+xvpQ2PgJ2RwjWQOViK:6Ea7HDq6Ekv9PggRwjWQO3
Static task
static1
Behavioral task
behavioral1
Sample
ebd45bb1a1f3c24ca2c7c4d9c30efe71eea9b8246a750bd5722043703013af99.exe
Resource
win7-20240708-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
ebd45bb1a1f3c24ca2c7c4d9c30efe71eea9b8246a750bd5722043703013af99.exe
-
Size
1.7MB
-
MD5
c39eb549a7dc6f9f6eeababcaea602dc
-
SHA1
33c34ab34eb843e347694db102e68ae0b59d9c29
-
SHA256
ebd45bb1a1f3c24ca2c7c4d9c30efe71eea9b8246a750bd5722043703013af99
-
SHA512
8702781d879c22ef45362e0e539015670c3365724b519881ee6a7e10b241540080c196ddd52003b8395c338dbf8448485703b076e43c17e8466e41f41dc40ee4
-
SSDEEP
49152:6EAbSm7HDq7+ygwH+xvpQ2PgJ2RwjWQOViK:6Ea7HDq6Ekv9PggRwjWQO3
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-